Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Knowing what vulnerabilities interest malicious actors is a critical step in assessing the risk of vulnerabilities found in your environment. On August 3rd, CISA released their Top Routinely Exploited Vulnerabilities report for the year 2022 and inside comes little surprise as to most of the culprits. Bugs tied to ransomware incidents continue to dominate the eyes of the agencies behind these joint advisories in hopes that the number of complete owns will diminish.

We are delighted to announce that ManageEngine PAM360 will now utilize Zoho Flow’s extensive product gallery to automate privileged access security workflows for more than 850 business applications and enterprise IT management tools.

When I was looking to break into the cybersecurity industry, I found myself overwhelmed with the sheer amount of content to learn and try. So much of the content, you had to purchase certain things, or it was way too complicated for me to understand at the time. Today, I wanted to break down create an easy walk-through on how to set up a functional threat hunting lab.

It’s that not-so-wonderful time of the year when we look at the most significant data leaks, breaches, and hacks in 2023. This year, data leaks remain a consistent threat to our data, with an average cost of $4.35 million. This article looks at some of the most significant cyberattacks that happened throughout the year, what caused them, how the business reacted, and valuable tips on protecting yourself from the cyber world’s biggest threat.

When was the last time you received a phishing attempt through text? I’m guessing it was earlier this week, if not at some point today. Being part of the cybersecurity community keeps us watchful and aware of the ways scammers try to steal our information. But how adept are our parents at spotting these scams? The dangers of online scams and mobile phishing are real and everywhere. Yet, many of our parents and grandparents are navigating this new form of deception without much understanding.

As cyber threats grow more frequent and sophisticated, the need for vigilant defense is paramount, and cybersecurity is top of mind for organizations nationwide. Understanding the threat landscape and current and future trends is crucial to designing effective security strategies to mitigate risk and keep companies, their employees, and their data safe. The following threat trends are of particular importance, affecting organizations of all sizes.

Over the past several months, AT&T Managed Detection and Response (MTDR) security operations center (SOC) analysts have seen an increase in the usage of phishing emails containing malicious QR codes. In a recent example, a customer that was victimized by a phishing attempt provided the AT&T analysts with an email that was circulated to several of its internal users.

On Wednesday, October 4th 2023, Daniel Stenberg, one of Curl’s core maintainers announced that a forthcoming release of Curl, version 8.4.0, is scheduled to be available on October 11th 2023 at approximately 06:00 UTC. The upcoming release will include fixes for two Curl vulnerabilities that they had discovered. One of these vulnerabilities is rated as having low severity (CVE-2023-38546), whereas the second one is considered high severity (CVE-2023-38545).

On October 4, 2023, the curl project maintainers sent out a pre-notification that curl version 8.4.0, expected to be released on October 11 (around 06:00 UTC), will address what they denote as the most serious vulnerability in recent years. Curl is a de-facto standard in the software business when it comes to web requests, and supports a wide range of communication protocols. Depending on the vulnerability, it could have far reaching implications.

Safeguarding your own personal digital ecosystem is your responsibility. However, the effectiveness of your organization’s cybersecurity measures heavily relies on the collective efforts of every member in your organization. Inspired by the Cybersecurity Awareness Month (CSAM), it serves as a reminder that individual choices can significantly impact overall cybersecurity.